10 Cloud Security trends to watch in 2019
Security risk exists in every domain of technology, but it is becoming more of a concern when it comes to the cloud. Today’s cyberattacks are becoming increasingly refined and harder to detect - which means sensitive data is more vulnerable than ever before.
Of course, there are a number of current tools and processes offered by providers to help secure your infrastructure, but safeguarding data in the cloud is a growing concern. Each company is different in IT infrastructure needs, size, capability, industry and budget. As enterprise operations expand to multi-cloud environments, data protection tactics must also evolve to address the growing number of possible threats.
Minimise your cloud security concerns by addressing these 10 key areas:
1. ACCESS MANAGEMENT
Access management is one of the most critical areas of cloud security and organisations need to plan very carefully to ensure a sound security process is in place.
However, even with an effective process in place, privileged credentials alone are often not the solution. Many breaches involve privileged credentials, which indicates that once a boundary is breached via an employee, potentially with a lower level of access, the credentials of someone with administrative access are eventually obtained.
One defence against this is the use of multi-factor authentication. You'll likely see a greater infusion of authentication apps for mobile devices in the coming year.
- To ensure the security of your infrastructure and data, it is important that you design a strong RBAC (role-based access control) strategy along with a directory service to manage centralised access. Often referred to as 2FA, two-factor authentication provides an additional security layer for cloud services by requiring users to submit a unique code or sequence that is received as a text message or provided by an authenticator app. There are many authenticator apps currently available and each follows an open standard for generating time-based disposable passwords. Most cloud services offer the feature and enabling it is fairly simple. You simply link your account with a designated device and the validation code will continue to be sent to that particular device for future logins.
2. DATA SECURITY
From the beginning, security has been one of the key concerns with storing data in the cloud. Data breaches, compromised credentials, broken authentication, account hijacking, as well as hacked interfaces and APIs continue to increase worldwide. For any business, your data is your most valuable asset and you want to make sure the right measures are taken to secure your data.
- Ensure that you have encryption enabled at rest, so if the access credentials reach the wrong hands, data cannot be tampered with. Leverage a key management service or HSM to encrypt the data on the disk or in the database. When data is in transit, make sure data moves over SSL end to end. This can help prevent any data theft in the middle. As part of operation and support, consider a hashing mechanism so that customer identities are not disclosed. Remember, IT no longer has full control over the provisioning, de-provisioning and operations of the cloud infrastructure. This decentralised ownership has made it more complex for IT teams to provide the compliance and risk management policies required to protect their businesses. IT needs to find new ways to exert soft controls to protect the business, while not inhibiting the agility their stakeholders now expect from the cloud.
3. INFRASTRUCTURE SECURITY
Cloud gives developers and organisations the freedom to experiment and scale with ease. But with freedom comes a great responsibility to protect against the growing attack risks. You must have adequate security in place at every level from the perimeter to the application. Infrastructure periphery is the entry point to your premises, and it is very important that it is secured. There are different ways to build the security around your infrastructure.
- From a network perspective, ensure that you have segregated network and subnet ranges. In particular, your application and data store should reside on the private subnet, and entry should only be allowed from a single source, i.e. the load balancer. Deploy site-to-site VPN connectivity, and direct connect in case of communications between two data centers or sites. Provide client-to-site VPN connectivity for people to connect to the infrastructure remotely if required. Build network access controls that allow only specific protocols and ports for traffic to and from your infrastructure.
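A rule set can be checked against this layout automatically. The following is an added example, not part of the original article: it audits ingress rules so that the private tiers accept traffic only from their single permitted source and only on approved ports. The subnets, ports, rule fields and rule ids are constructed for illustration and do not follow any provider's API, and letting the data tier be reached only from the app subnet is an assumption that extends the article's load-balancer rule by one tier.

```python
import ipaddress

# Constructed topology (assumption): public LB subnet, private app and data subnets.
LB_SUBNET = ipaddress.ip_network("10.0.0.0/24")
APP_SUBNET = ipaddress.ip_network("10.0.1.0/24")

# tier -> (the only network allowed to send traffic in, allowed TCP ports)
POLICY = {
    "app": (LB_SUBNET, {8443}),
    "data": (APP_SUBNET, {5432}),
}

# Constructed sample ingress rules in a simplified, provider-neutral shape.
RULES = [
    {"id": "sg-app-lb", "tier": "app", "source": "10.0.0.0/24", "from_port": 8443, "to_port": 8443},
    {"id": "sg-app-ssh", "tier": "app", "source": "0.0.0.0/0", "from_port": 22, "to_port": 22},
    {"id": "sg-data-app", "tier": "data", "source": "10.0.1.0/24", "from_port": 5432, "to_port": 5432},
    {"id": "sg-data-lb", "tier": "data", "source": "10.0.0.0/24", "from_port": 5432, "to_port": 5432},
]


def audit(rules):
    """Return (rule id, reason) for every rule that breaks the segmentation policy."""
    findings = []
    for rule in rules:
        if rule["tier"] not in POLICY:
            continue  # tiers without a policy are out of scope for this check
        allowed_src, allowed_ports = POLICY[rule["tier"]]
        src = ipaddress.ip_network(rule["source"])
        if not src.subnet_of(allowed_src):
            findings.append((rule["id"], f"source {src} is outside {allowed_src}"))
        opened = set(range(rule["from_port"], rule["to_port"] + 1))
        extra = sorted(opened - allowed_ports)
        if extra:
            findings.append((rule["id"], f"{len(extra)} unapproved port(s), first is {extra[0]}"))
    return findings


if __name__ == "__main__":
    for rule_id, reason in audit(RULES):
        print(f"{rule_id}: {reason}")
```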
4. MICROSERVICES SECURITY
One of the top trending challenges for the year ahead is security for microservices or containers. As more and more organisations move towards microservice & container-based architectures, managing the operation of these containers and microservices has become more and more painful. It is recommended to use different automation tools and configuration management tools to build the images for the VMs or containers. Build standard hardening practices to ensure each new image is hardened with standard procedures.
- Ensure there is a standard practice built around updating your images regularly for security patches. This can be accomplished monthly or quarterly. Deploy tools that can monitor different microservices, which will provide end-to-end data paths and transactions. Look for appropriate anti-malware tools to deploy as part of your hardened images. Having an approach of keeping golden images is highly recommended. Ensure that your automation playbooks deploy the latest hardened images to keep all microservices consistent and current with the patches and software updates. Starting from the dev environment to the production environment, it is strongly recommended that VM images or container images remain consistent and get promoted along with the release.
5. THREAT MANAGEMENT
Cyberthreats have evolved in both sophistication and quantity - making today’s threat landscape exponentially more dangerous. This is why identifying and repairing security gaps in your cloud infrastructure must be automated as much as possible.
Your cloud security arsenal should be a collection of tools working in harmony to remediate vulnerabilities. Despite their assumed limitless abilities, artificial intelligence and machine learning innovations won’t guarantee success on their own. These tools can help detect modern threats like man-in-the-middle (MitM) attacks, SQL injections, zero-day exploits, malware distributed via phishing or common password attacks.
- The human element remains the weakest link in cloud security. In cloud computing, the human error risk multiplies as misappropriated/compromised credentials are able to wreak havoc with significant cloud data and applications. IT departments should provide enterprise security education to users, deploy strong use policies and also apply cloud security practices.
6. VULNERABILITY MANAGEMENT
Remaining fully aware of the potential vulnerabilities with your applications, microservices and infrastructure is vital. If ignored, these vulnerabilities open up the entry gates for intruders and hackers of all kinds. Organisations should perform application and infrastructure vulnerability assessments on a regular basis, and if any risks are identified, the security team should work towards remediating those immediately.
- Security experts can use different tools available in the market to perform static and dynamic vulnerability assessments to identify risks and different severities too. You should also perform host level vulnerability assessments, by running different tools to identify any risks at the OS level. Developers might be using open source or third-party libraries as part of their code base and it is important to assess those libraries and keep them up to date to avoid any security risks. Run these assessments on a monthly or quarterly basis, or as per business requirements.
7. SECURE SDLC
As applications move towards microservice-based and decoupled architectures, the same is becoming more common for the teams as well. Teams are moving towards distributed and remote designs and it is very important to define a secure software development life cycle.
If IT teams don't follow a standard practice of coding, it is hard to build a quality product. In the same way, if IT teams do not follow secure coding practice, it is very hard to build a secure product. Also, product engineering teams are moving more towards lean and nimble arrangements and are making engineers responsible for product quality and security. The more tools deployed to identify security risks, the sooner teams can identify and fix them.
- Use static code scanning plugins to identify vulnerabilities as developers code, which can help proactively remediate those risks. Most organisations have moved towards a continuous integration and continuous delivery (CICD) model to reduce their time to market. Integrate code scanning tools as part of the CICD pipeline to identify any vulnerabilities before they make it into the production environment. If containers are used, deploy appropriate tools to perform signature checks on the container images before containers are spawned.
8. LOGGING & AUDITING
Logging and auditing is a very important area of security. You can identify data points and patterns of risky behaviour related to applications, hosts, network and infrastructure. Visibility into all access and flow logs across all layers of your cloud infrastructure provides you with a dynamic ledger and audit trail if incidents occur.
Flow logs can help you in capturing information about the IP traffic going to and from network interfaces in your environment. Beyond security, they can also help you with monitoring the traffic that is reaching your instance and troubleshooting why anticipated traffic is not reaching an instance.
- Developers may need different types of logs to debug the application. Deploy log management tools to help developers with debugging rather than granting access to production environments. Stream host level logs, network logs and infrastructure logs to log management tools. SIEM plays a crucial role in security and hence it is important to design and deploy SIEM as part of your infrastructure management system. For different compliance needs, you need to plan for retaining and archiving these logs for a pre-defined duration.
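Both uses of flow logs described in this section, spotting suspicious sources and troubleshooting why expected traffic never arrives, come down to filtering on the accept/reject action. The following is an added example, not part of the original article. It assumes records in the AWS VPC Flow Logs default (version 2) space-separated format, which the article does not name, and every sample record, address and threshold is constructed.

```python
from collections import defaultdict

FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed sample records (documentation and private address ranges).
SAMPLE = """\
2 123456789012 eni-0a1b2c3d 10.0.1.10 10.0.2.20 49152 5432 6 12 3400 1546300800 1546300860 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.3.30 10.0.2.20 49200 5432 6 3 180 1546300800 1546300860 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.7 10.0.2.20 40001 22 6 1 60 1546300800 1546300860 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.7 10.0.2.20 40002 3389 6 1 60 1546300800 1546300860 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.7 10.0.2.20 40003 5432 6 1 60 1546300800 1546300860 REJECT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1546300860 1546300920 - NODATA
"""


def parse(line):
    """Return one record as a dict, or None for malformed or no-data lines."""
    parts = line.split()
    if len(parts) != len(FIELDS) or parts[0] != "2":
        return None
    rec = dict(zip(FIELDS, parts))
    if rec["log_status"] != "OK":  # NODATA/SKIPDATA rows carry "-" placeholders
        return None
    for key in ("srcport", "dstport", "protocol", "packets", "bytes"):
        rec[key] = int(rec[key])
    return rec


def load(text):
    return [rec for rec in map(parse, text.splitlines()) if rec]


def rejected_to(flows, dstaddr, dstport):
    """Troubleshooting: sources whose traffic to an expected listener was dropped."""
    return sorted({f["srcaddr"] for f in flows if f["action"] == "REJECT"
                   and f["dstaddr"] == dstaddr and f["dstport"] == dstport})


def rejected_port_spread(flows, min_targets=3):
    """Security: sources rejected on many distinct (host, port) targets."""
    targets = defaultdict(set)
    for f in flows:
        if f["action"] == "REJECT":
            targets[f["srcaddr"]].add((f["dstaddr"], f["dstport"]))
    return {src: len(t) for src, t in targets.items() if len(t) >= min_targets}


if __name__ == "__main__":
    flows = load(SAMPLE)
    print(rejected_to(flows, "10.0.2.20", 5432))
    print(rejected_port_spread(flows))
```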
9. INCIDENT RESPONSE
Despite following every best practice, attacks are likely to happen, and your environment will be tested. The best solution is to be ready for anything. Implement a holistic incident response model that remediates security vulnerabilities and incidents as soon as they arise.
With the dynamic nature of the cloud, it’s important to continuously monitor your infrastructure to discover anomalies, validate security best practices and uncover any weaknesses. This is obviously impossible if you are considering a manual process, but with the infrastructure standardisation introduced via the cloud, in conjunction with programmatic controls, automation of security best practices has now become a reality.
- Knowing your cloud compliance and security posture in real-time is the best way to bulletproof your cloud infrastructure and sustain business continuity. Automation allows you to quickly assess and mitigate vulnerabilities in real-time, while the best tools also provide remediation functions to resolve issues. Remember, incident response is about threat resolution and not simply threat awareness.
One of the major concerns among many businesses is maintaining regulatory compliance in a multi-cloud environment. Organisations who routinely handle highly sensitive information using cloud storage or backup services must make sure that they are following data security best practices. They have to be knowledgeable about their infrastructure and whether it is consistently compliant to avoid legal consequences.
Sectors that are subject to unique compliance regulation include financial services, legal, government, insurance, and healthcare agencies. If you fall in one of these categories, spend some time getting acquainted with maintaining the proper regulatory compliance standards associated with your field. This also means having a thorough knowledge and understanding of the type of cloud services that you use.
- HIPAA, ISO, PCI-DSS, CIS, NIST and SOC-2 are all examples of compliance standards that govern how private data is handled – standards that can be automatically maintained with the right management platform. Regional data compliance regulations also must be accounted for with the advent of the General Data Protection Regulation (GDPR) by the European Union. The new law sets boundaries on controlling and processing personally identifiable information (PII) – which have even greater implications in the cloud with the sheer volume and complexity of data exchanges.